The Group Policy Central Store is located in the SYSVOL directory on the domain controllers, replicated between them, and used to store ADMX/ADML GPO template files used to manage Active Directory domain clients. In this article, we’ll show how to create a GPO Central Store, copy administrative (admx) templates to it, and update the template files to support the latest Windows versions.
If you have not created a Central Store for Group Policy files, the list of administrative templates is loaded from the C:\Windows\PolicyDefinitions folder on a local computer when you run the domain GPO editor (gpmc.msc – Group Policy Management Console). Then you will see the following message next to the Administrative Templates section of your GPO editor: Policy definitions (ADMS files) retrieved from the local computer.
If you want to force your GPO editor to use local administrative templates from the current computer, create a REG_DWORD parameter with the name EnableLocalStoreOverride and value 1 under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows registry key.
Each computer or server may have different ADMX file versions (for example, depending on Windows version and build). Accordingly, some GPO settings may not be available to the administrator on some computers. To address this issue, the Group Policy administrative templates central repository (GPO Central Store) was developed.
By default, the GPO Central Store in Active Directory is not created. To create a repository, copy the local PolicyDefinitions folder from any domain controller to the \\woshub.com\SYSVOL\woshub.com\Policies folder.
Both administrative template (*.admx) and localization files (*.adml) will appear in the PolicyDefinitions folder in SYSVOL. If you want to see policy or section names in the GPO editor in German, copy locale subdirectories with ADML files for all languages that will be used by Group Policy administrators (for example, de_DE and en_US folders).
I recommend using only English ADML files for GPOs (en-US folder), even if you are using the Deutsch Windows version.
Then update ADMX templates in the Central Store to the latest Windows version available in your domain environment. The template files in the Central Store are replicated to all domain controllers. Learn more about how to install and update ADMX templates.
In my case, I will copy the PolicyDefinitions folder from Windows 10 to the GPO Central Store.
You can copy the files using PowerShell:
$Destination = "\\woshub.com\SysVol\woshub.com\Policies\PolicyDefinitions"
$Source = "C:\Windows\PolicyDefinitions"
Copy-Item -Path $Source\* -Destination $Destination –Recurse –Force –PassThru
You can download GPO administrative templates for all new Windows versions here: https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store.
You can also copy other ADMX templates to GPO Central Store. For example, there may be administrative templates for Microsoft Office, Microsoft Security Baseline, Firefox, Chrome, LAPS, Java settings, Adobe Reader, etc.
Open the Group Policy Management Editor and make sure that there is the message Policy Definitions (ADMX files) retrieved from the central store next to Administrative Templates. Local administrative templates are ignored in this case.
Now you can configure your GPOs, and apply new Group Policy settings on the clients.
In some cases, after updating the Central Store you may see multiple errors like shown below when you start the GPO editor:
Administrative Templates Resource xxxx referenced in attribute xxxx could not be found.File \\xxx\SysVol\ xxx \Policies\PolicyDefinitions\xxx.admx, line 175, column 331
Then make sure that you have updated GPO language files (*.adml) in en-US, de-DE, etc. folders. If the problem persists, restore the PolicyDefinitions directory from a backup folder (or a domain controller backup image).
To make the new administrative templates available on all domain controllers, wait for the file replication service to copy the changes to other DCs.